fireflies-debug-bundle
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses Bash tools (grep, curl, tar) to aggregate system information and log files into a local bundle for troubleshooting.
- [DATA_EXFILTRATION]: Accesses potentially sensitive files including ".env" and "~/.npm/_logs/*.log". While the script includes a sed-based redaction mechanism for environment variables, this method may not be comprehensive for all data formats, such as multi-line values or specific key-value structures.
- [INDIRECT_PROMPT_INJECTION]: The skill reads from local log files which ingest data from external sources like API responses and network traffic. This creates a surface where malicious instructions could be embedded in logs and subsequently processed by the agent.
- Ingestion points: Local log files and environment configuration files.
- Boundary markers: None present.
- Capability inventory: Bash (grep, curl, tar), Read.
- Sanitization: Minimal sed-based redaction for environment files.
Audit Metadata